www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2025-05-10T16:46:14+00:00

CybeReason - Vendor blog
The Value Drivers for an XDR Investment
We have a pretty good idea by now of what Extended Detection and Response (XDR) is. As we noted in an earlier article, titled XDR: The Next Step in Threat Detection and Response, XDR is a security approach that builds on the successes of Endpoint Detection and Response (EDR).
2021-09-01T13:02:03+00:00 https://www.cybereason.com/blog/the-value-drivers-for-an-xdr-investment www.secnews.physaphae.fr/article.php?IdArticle=3320343 False Threat None None

CybeReason - Vendor blog
Evolving Ransomware Tactics Include Recruiting Insiders and DDoS Attacks
The attention generated by the DarkSide ransomware attack against Colonial Pipeline in May has helped to reshape the ransomware threat landscape. One of the most important modifications came when the digital crime forum XSS announced that members could no longer post about ransomware topics. The Exploit forum followed suit not long after, as reported by Bleeping Computer.
2021-08-31T12:01:26+00:00 https://www.cybereason.com/blog/evolving-ransomware-tactics-include-recruiting-insiders-and-ddos-attacks www.secnews.physaphae.fr/article.php?IdArticle=3314865 False Ransomware,Threat None None

CybeReason - Vendor blog
XDR: The Key to Solving SIEM Shortcomings
One of the mainstays of organizations' digital security postures is a Security Information and Event Management (SIEM) platform.
According to CSO Online, SIEMs augment threat monitoring and incident response with log analysis.
2021-08-17T12:51:03+00:00 https://www.cybereason.com/blog/xdr-the-key-to-solving-siem-shortcomings www.secnews.physaphae.fr/article.php?IdArticle=3242374 False Threat None None

CybeReason - Vendor blog
Malicious Life Podcast: DeadRinger - Exposing Chinese APTs Targeting Major Telcos
Cybereason recently discovered several previously unidentified attack campaigns targeting the telecoms industry across Southeast Asia that are assessed to be the work of multiple Chinese APT groups. The attacks are detailed in the threat intelligence report titled DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos.
2021-08-16T12:04:08+00:00 https://www.cybereason.com/blog/malicious-life-podcast-deadringer-exposing-chinese-apts-targeting-major-telcos www.secnews.physaphae.fr/article.php?IdArticle=3236072 True Threat None None

CybeReason - Vendor blog
The Rising Threat from LockBit Ransomware
LockBit ransomware is the latest threat posing an increased risk for organizations. The ransomware gang has been making headlines recently. LockBit has also reportedly compromised Accenture. The group reportedly revealed the attack on their site on the DarkWeb, noting, “these people are beyond privacy and security. Hope their services are better than what I have seen inside. If you are interested in purchasing data sets, contact us.”
2021-08-11T14:45:48+00:00 https://www.cybereason.com/blog/rising-threat-from-lockbit-ransomware www.secnews.physaphae.fr/article.php?IdArticle=3211511 False Ransomware,Threat None None

CybeReason - Vendor blog
XDR: The Next Step in Threat Detection and Response
The global EDR market (Endpoint Detection and Response) is growing rapidly.
The Transparency Market Research team predicted that this market will increase at a CAGR of about 21% in the next decade, reported Help Net Security. If it happens, this growth will help the global EDR market surpass a valuation of $13.8 billion by 2030.
2021-08-09T12:18:15+00:00 https://www.cybereason.com/blog/xdr-the-next-step-in-threat-detection-and-response www.secnews.physaphae.fr/article.php?IdArticle=3199252 False Threat None None

CybeReason - Vendor blog
DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos
Following the discovery of Hafnium attacks targeting Microsoft Exchange vulnerabilities, the Cybereason Nocturnus and Incident Response teams proactively hunted for various threat actors trying to leverage similar techniques in-the-wild. In the beginning of 2021, the Cybereason Nocturnus Team investigated clusters of intrusions detected targeting the telecommunications industry across Southeast Asia. During the investigation, three clusters of activity were identified and showed significant connections to known threat actors, all suspected to be operating on behalf of Chinese state interests. The report comes on the heels of the Biden administration's public rebuke of China's Ministry of State Security for the recent HAFNIUM attacks that exploited vulnerabilities in unpatched Microsoft Exchange Servers and put thousands of organizations worldwide at risk.
Exploitation of these same vulnerabilities was central to the success of the attacks detailed in this research.
2021-08-03T04:03:00+00:00 https://www.cybereason.com/blog/deadringer-exposing-chinese-threat-actors-targeting-major-telcos www.secnews.physaphae.fr/article.php?IdArticle=3164929 False Threat None None

CybeReason - Vendor blog
Webinar: DeadRinger - Exposing Chinese Threat Actors Targeting Major Telcos
The Cybereason Nocturnus Research Team recently released a major threat intelligence research report titled DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos, which details the discovery of several previously unidentified attack campaigns targeting the telecommunications industry across Southeast Asia, where several clusters of attack activity were identified and assessed to be the work of several prominent APT groups who are known to conduct operations aligned with the interests of the Chinese government.
2021-08-03T04:00:17+00:00 https://www.cybereason.com/blog/webinar-deadringer-exposing-chinese-threat-actors-targeting-major-telcos www.secnews.physaphae.fr/article.php?IdArticle=3164930 False Threat None None

CybeReason - Vendor blog
Biden-Putin Summit and Why Threat Actors Just Won't Give it a Rest
On June 11, McDonald's said in a message to its U.S. employees that it had discovered unauthorized activity on an internal security system. The burger chain responded by bringing on some external consultants to investigate what had happened, reported the Wall Street Journal.
2021-06-17T12:32:14+00:00 https://www.cybereason.com/blog/biden-putin-summit-and-why-threat-actors-just-wont-give-it-a-rest www.secnews.physaphae.fr/article.php?IdArticle=2942292 False Threat None None

CybeReason - Vendor blog
Ransomware Attacks are Evolving: What You Need to Know
One look at all the ransomware attacks from the past few years, and it's clear that crypto-malware actors are attempting to maximize their financial gain. We've observed these threat groups using multiple techniques to profit even more off their victims than in years past. Here are a few tactics that stood out to us.
2021-06-14T11:59:48+00:00 https://www.cybereason.com/blog/ransomware-attacks-are-evolving-what-you-need-to-know www.secnews.physaphae.fr/article.php?IdArticle=2922351 False Ransomware,Threat None None

CybeReason - Vendor blog
SolarWinds Threat Actors Behind New Email Attack Campaign
The threat actors behind last year's SolarWinds supply chain attack have launched a new email attack campaign aimed at organizations around the world. This attack wave attracted the attention of the Microsoft Threat Intelligence Center (MSTIC) on May 25.
2021-06-01T16:53:30+00:00 https://www.cybereason.com/blog/solarwinds-threat-actors-behind-new-email-attack-campaign www.secnews.physaphae.fr/article.php?IdArticle=2865541 False Threat None None

CybeReason - Vendor blog
New Cybersecurity Executive Order: Will It Have Impact?
The state of the threat landscape in general, and incidents like the recent ransomware attack against Colonial Pipeline demand that we take immediate action to improve cybersecurity defenses. The recent executive order (EO) on cybersecurity from President Biden is a bold step in the right direction.
2021-05-25T12:23:45+00:00 https://www.cybereason.com/blog/new-cybersecurity-executive-order-will-it-have-impact www.secnews.physaphae.fr/article.php?IdArticle=2835507 False Threat None None

CybeReason - Vendor blog
100 Days Down, 1,360 Days of Nation-State Cybersecurity Threats to Go
CEO Blog Series
This week marks the milestone of the Biden Administration's first 100 days. It is somewhat arbitrary to expect an incoming president to achieve significant progress in just 100 days, or to judge success or failure based on such a small span of time. However, it does provide a glimpse into the vision and direction of the administration, and so far it seems like President Biden is preparing to address the growing cybersecurity threat from our adversaries.
2021-04-30T12:20:47+00:00 https://www.cybereason.com/blog/100-days-down-1360-days-of-nation-state-cybersecurity-threats-to-go www.secnews.physaphae.fr/article.php?IdArticle=2721690 False Threat None None

CybeReason - Vendor blog
PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector
The Cybereason Nocturnus Team has been tracking recent developments in the RoyalRoad weaponizer, also known as the 8.t Dropper/RTF exploit builder. Over the years, this tool has become a part of the arsenal of several Chinese-related threat actors such as Tick, Tonto Team and TA428, all of which employ RoyalRoad regularly for spear-phishing in targeted attacks against high-value targets.
2021-04-30T12:11:34+00:00 https://www.cybereason.com/blog/portdoor-new-chinese-apt-backdoor-attack-targets-russian-defense-sector www.secnews.physaphae.fr/article.php?IdArticle=2721691 False Tool,Threat None None

CybeReason - Vendor blog
Five Things You Need to Know About Ransomware Attacks
The digital threat landscape as a whole is constantly changing and evolving.
That can make it difficult to keep track of new developments for specific threats like ransomware. Don't worry though, Cybereason has got you covered.
2021-04-28T12:59:38+00:00 https://www.cybereason.com/blog/five-things-you-need-to-know-about-ransomware-attacks www.secnews.physaphae.fr/article.php?IdArticle=2708451 False Ransomware,Threat None None

CybeReason - Vendor blog
MITRE ATT&CK Evaluations - Unpacking the Emulation
If you've been researching MITRE ATT&CK and aligning your security program maturity measurement to it, you're likely excited for this year's ATT&CK evaluation from MITRE Engenuity, which tests security vendors' ability to quickly detect and stop tactics and techniques used by today's threat actors.
2021-04-15T18:02:25+00:00 https://www.cybereason.com/blog/mitre-attck-evaluations-unpacking-the-emulation www.secnews.physaphae.fr/article.php?IdArticle=2647605 False Threat None None

CybeReason - Vendor blog
Malicious Life Podcast: Inside the HAFNIUM Microsoft Exchange Attacks
The recent HAFNIUM attacks hit tens of thousands of organizations' Microsoft Exchange servers around the globe. Now, an array of other threat actors are leveraging the residual webshells on victim systems to launch new attacks against organizations who thought patching the Microsoft vulnerabilities would have been enough to be protected.
2021-03-23T18:00:09+00:00 https://www.cybereason.com/blog/malicious-life-podcast-bside-hafnium www.secnews.physaphae.fr/article.php?IdArticle=2523401 False Threat,Patching None None

CybeReason - Vendor blog
HAFNIUM Response: Cybereason is Dedicated to Defending Our Customers
It was recently disclosed that Microsoft Exchange offerings were severely compromised in nation-state sponsored operations by the threat group known as HAFNIUM.
This incident has potentially affected tens of thousands of public and private organizations across the globe.
2021-03-18T15:27:30+00:00 https://www.cybereason.com/blog/hafnium-response-cybereason www.secnews.physaphae.fr/article.php?IdArticle=2501029 False Threat None None

CybeReason - Vendor blog
Live Feeds of 150K Surveillance Cameras Compromised in Verkada Breach
Digital attackers compromised the live feeds of 150,000 surveillance cameras made by enterprise security camera system manufacturer Verkada. According to Bloomberg News, a hacking collective that calls itself “Advanced Persistent Threat 69420” gained access to Verkada by misusing a “Super Admin” account at the company.
2021-03-11T17:36:05+00:00 https://www.cybereason.com/blog/live-feeds-of-150k-surveillance-cameras-compromised-in-verkada-breach www.secnews.physaphae.fr/article.php?IdArticle=2468907 False Threat None None

CybeReason - Vendor blog
Global Law Firm Attributes Data Breach to Compromise at File Sharing Provider
An international law firm attributed a data breach to a compromise at a cloud solutions company that provides file-sharing services. According to the Wall Street Journal, a threat actor claimed to have stolen data from global law firm Jones Day and published that information on the dark web.
2021-02-17T18:35:26+00:00 https://www.cybereason.com/blog/global-law-firm-attributes-data-breach-to-compromise-at-file-sharing-provider www.secnews.physaphae.fr/article.php?IdArticle=2362105 False Data Breach,Threat None None

CybeReason - Vendor blog
Cybereason vs. NetWalker Ransomware
The NetWalker ransomware has been one of the most notorious ransomware families over the course of the past year, targeting organizations in the US and Europe including several healthcare organizations, despite several known threat actors publicly claiming to abstain from targeting such organizations due to COVID-19.
2021-02-16T13:00:00+00:00 https://www.cybereason.com/blog/cybereason-vs.-netwalker-ransomware www.secnews.physaphae.fr/article.php?IdArticle=2354971 False Ransomware,Threat None None

CybeReason - Vendor blog
Wipro's State of Cybersecurity Report Reveals Valuable Insights
It is true in general that technology is always changing, and the threat landscape is constantly evolving, but 2020 has amplified the cybersecurity challenge. Organizations of all sizes and across all industries already struggled to effectively manage risk and cyber resilience, but the global pandemic of COVID-19 has introduced a sudden and dramatic shift that tips the playing field in favor of attackers and exacerbates the task.
2021-01-25T14:44:34+00:00 https://www.cybereason.com/blog/wipros-state-of-cybersecurity-report-reveals-valuable-insights www.secnews.physaphae.fr/article.php?IdArticle=2242115 False Threat None None

CybeReason - Vendor blog
Ever Evolving: Katie Nickels on Incident Response in a Remote World
We spent some time with Katie Nickels - current Director of Intelligence at Red Canary and formerly MITRE ATT&CK Threat Intelligence Lead - to discuss applied threat intelligence, prioritizing threats for impact, and working incident response in remote environments - check it out...
2020-12-07T20:46:46+00:00 https://www.cybereason.com/blog/ever-evolving-katie-nickels-on-incident-response-in-a-remote-world www.secnews.physaphae.fr/article.php?IdArticle=2083469 False Threat,Guideline APT 15 None

CybeReason - Vendor blog
Law Enforcement Warns of Imminent Ransomware Threat to U.S. Hospitals
On October 29, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) published a joint alert with the Federal Bureau of Investigations (FBI) and the Department of Health and Human Services (HHS). In it, the organizations claimed to “have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” CISA, the FBI and HHS attributed the threat to the digital criminal enterprise behind TrickBot, malware which is capable of targeting victims with ransomware.
2020-10-30T19:55:19+00:00 https://www.cybereason.com/blog/law-enforcement-warns-of-imminent-ransomware-threat-to-u.s.-hospitals www.secnews.physaphae.fr/article.php?IdArticle=2005115 False Ransomware,Malware,Threat None None

CybeReason - Vendor blog
VB2020: Anchor, Bazar, and the Trickbot Connection
VB2020, the annual Virus Bulletin international conference “featuring the latest and best research on malware, malicious actors and threat intelligence,” has gone virtual this year and will be live-streamed 30 Sept - 2 Oct, 2020. The conference is free of charge, and offers a wide selection of presentations for on-demand viewing in addition to the live sessions.
2020-09-22T17:23:19+00:00 https://www.cybereason.com/blog/vb2020-anchor-bazar-and-the-trickbot-connection www.secnews.physaphae.fr/article.php?IdArticle=1932839 False Threat None None